Migrate configuration from Shorewall to pfSense.
Hello,
I want to migrate a client configuration from Shorewall to pfSense.
The current FW has two IPsec VPNs for two different providers; this does not cause any problem.
The context is this: we have some equipment in the networks of mobile providers, and it sends some information to an application server in our LAN. We have two VPNs to connect to the provider networks and route the traffic to our LAN.
These two providers are totally different.
The equipment sends information to one of the virtual IPs on the current FW, and when the packets arrive at the FW we change the original destination IP to a new one, and this new one is the IP of the server in the LAN.
This DNAT is done in prerouting.
The scheme is this (this diagram does not show real IPs; I changed them):

              IPsec VPN                                                               LAN
VPN <-------------------------------> 190.43.23.3 : FW Linux IP : 192.168.10.15 <--------------------------> Server 192.168.10.20

Virtual IP Client : 192.168.90.2
Original packet source : from 192.168.5.20:1234 to 192.168.90.2
Change the destination FW : from 192.168.90.2:1234 to 192.168.10.20:1234

This setting cannot be changed because there are multiple external devices that use it, so it would be very expensive to change.
The two rules in the current firewall are:

Chain PREROUTING (policy ACCEPT 1352K packets, 220M bytes)
pkts bytes target prot opt in out source destination
856K 126M net_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0

Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
41263 4004K DNAT udp -- * * 192.168.5.0/19 0.0.0.0/0 udp dpt:1314 to:192.168.10.20
34234 3314K DNAT udp -- * * 192.168.5.0/19 0.0.0.0/0 udp dpt:3066 to:192.168.10.20

It must be assumed that all routes work well; the problem is more about the DNAT.
Can someone tell me how you would do this:
1. Configure a virtual interface.
2. Is it possible to set up this DNAT in prerouting in pfSense?

If anything is not clear, please ask me.
Sorry for my English.
I would appreciate your help.
Thank you.
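
An inventory step for the migration described in the post, added here as an example and not part of the original post: it parses the DNAT rows of the listing into neutral records that can be re-entered one by one as NAT port forwards on the new firewall. The record field names are this example's own, and normalising 192.168.5.0/19 to its enclosing network is an assumption about the anonymised addresses.

```python
import ipaddress
import re

# Rows copied from the listing in the post (addresses were anonymised by the poster).
LISTING = """\
pkts bytes target prot opt in out source destination
856K 126M net_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0
41263 4004K DNAT udp -- * * 192.168.5.0/19 0.0.0.0/0 udp dpt:1314 to:192.168.10.20
34234 3314K DNAT udp -- * * 192.168.5.0/19 0.0.0.0/0 udp dpt:3066 to:192.168.10.20
"""

# Column layout: pkts bytes target prot opt in out source destination [match] [to:]
ROW = re.compile(
    r"^\s*\S+\s+\S+\s+DNAT\s+(?P<proto>\S+)\s+\S+\s+(?P<iface_in>\S+)\s+"
    r"(?P<iface_out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+.*?dpts?:(?P<dport>[\d:]+)\s+"
    r"to:(?P<to_ip>[\d.]+)(?::(?P<to_port>[\d-]+))?\s*$"
)


def parse_dnat_rows(listing):
    """Return one record per DNAT row; headers and jumps to other chains are skipped."""
    forwards = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        # 192.168.5.0/19 has host bits set; strict=False yields the enclosing
        # network (192.168.0.0/19), the form a source network field expects.
        src = ipaddress.ip_network(m["src"], strict=False)
        forwards.append({
            "proto": m["proto"],
            "source": str(src),
            "source_as_written": m["src"],
            "dest_port": m["dport"],
            "redirect_ip": m["to_ip"],
            # With no port in "to:", DNAT leaves the destination port unchanged.
            "redirect_port": m["to_port"] or m["dport"],
        })
    return forwards


if __name__ == "__main__":
    for fwd in parse_dnat_rows(LISTING):
        print(fwd)
```

The inbound interface is not on the DNAT rows themselves; it comes from the PREROUTING jump (eth1 in the listing), so each record applies to traffic arriving on that interface.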